RE: Just Carnivore (was: Yahoogroups and Carnivore)
|> From: Valdis.Kletnieks@vt.edu [mailto:Valdis.Kletnieks@vt.edu] |> Sent: Monday, September 17, 2001 10:10 PM |> |> On Mon, 17 Sep 2001 18:01:53 PDT, Roeland Meyer |> <rmeyer@mhsc.com> said: |> > However, given mil-grade VPNs these days, there is no way |> they can read what |> > you sent. They can only tell that you sent something. |> However, I just |> > discovered the Steganography stuff in my SuSE Linux |> distribution, hmmmmm. |> > But, they still know where it came from and where it went. |> |> As Bruce Schneier said, the problem with steganography is |> that you need |> a good cover story for why you're mailing JPG's of giraffes |> back and forth... I can actually see lots of applications for steganography; Stealth porn on a public web-site, for example. But for purposes of clandestine communications with and far-flung org, use a news content site that has pictures and imbed messages in the news content pictures. A site like www.Kavkaz.org, for an example, could be used to transmit messages in such a way. Another method is to take advantage of a photo album sharing site like www.ofoto.com. Whom is to know that a mega-pixel image isn't just an image of the family dog? Photos are just the easiest thing, there are other multi-media content vehicles. However, most folks aren't sufficiently talented to be able to post original music. I imagine that the terrorist population has no larger percentage of musical composers than the general populous. Whereas, people generally take snapshots like crazy. I am reasonably sure that Casper the friendly ghost has either thought of, or used, most of them, at one time or another. I can't think that your average terrorist scum-bag has any less of an imagination. So, Bruce Schneier, when posing that problem, must have had his imagination disengaged. There is more than adequate cover story for passing huge JPGs around.
On Mon, 17 Sep 2001 22:36:53 PDT, Roeland Meyer said:
So, Bruce Schneier, when posing that problem, must have had his imagination disengaged. There is more than adequate cover story for passing huge JPGs around.
No, he actually had his brain engaged. His point was that if you're trying to use steganography to move data around under the nose of a government that's actively trying to catch you at something, you can't just start sending files around, because that would set off traffic pattern analysis warnings. http://www.counterpane.com/crypto-gram-9810.html#steganography for the whole story. /Valdis
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 You're assuming that you HADN'T established that pattern already.. I think an excellent delivery method would be to embed in porn, and post to a mailing list/yahoo group/what have you to which both people are subscribed... Granted the FBI could track it down, but if you're following your established pattern of sending porn, and knowing that your recipient is on the distribution list, that's more than likely a better way than any other form of person to person email.. Just my $0.02. Regards, Matt - -- Matt Levine @Home: matt@deliver3.com @Work: matt@easynews.com ICQ : 17080004 PGP : http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x6C0D04CF - -----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Valdis.Kletnieks@vt.edu Sent: Tuesday, September 18, 2001 2:27 AM To: Roeland Meyer Cc: nanog@merit.edu Subject: Re: Just Carnivore (was: Yahoogroups and Carnivore) On Mon, 17 Sep 2001 22:36:53 PDT, Roeland Meyer said:
So, Bruce Schneier, when posing that problem, must have had his imagination disengaged. There is more than adequate cover story for passing huge JPGs around.
No, he actually had his brain engaged. His point was that if you're trying to use steganography to move data around under the nose of a government that's actively trying to catch you at something, you can't just start sending files around, because that would set off traffic pattern analysis warnings. http://www.counterpane.com/crypto-gram-9810.html#steganography for the whole story. /Valdis -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com> iQA/AwUBO6bsBMp0j1NsDQTPEQKL9ACg2izxDjvDBpDGoxvS6nSZSN5qJswAn19G ykX6kXCLKHvA617h0O5uK4wa =OASv -----END PGP SIGNATURE-----
participants (3)
-
Matt Levine
-
Roeland Meyer
-
Valdis.Kletnieks@vt.edu